Contributed by jose on from the fix-your-httpd dept.
A user with write permission to httpd.conf or a .htaccess file can crash httpd(8) or potentially run arbitrary code as the user www (although it is believed that ProPolice will prevent code execution).You can find the patch here: 3.3/common/009_httpd.patch .
No word yet on 3.2-stable or any patch for the new 3.4-stable branch.
Update: Patch 004 for 3.4 has been released to fix this problem.
(Comments are closed)